To clarify, yes, the principal that is used to connect to Internet Identity on the frontend will be different from the identity of the user who owns the NFTs.
-
You could ask the user to input the principal that they used to purchase the NFT. This would “reveal” the identity of the user.
-
As an alternative, you could not use Internet Identity as an authentication. You could require the user to authenticate with the same wallet as they used to get the NFT (ex. Plug).